Saturday 1 October 2016

CHAPTER 11: MANAGE COMPUTING SECURELY, SAFELY AND ETHICALLY

Computer Security Risks

  • A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
  • Cybercrime is an online or Internet-based illegal act. Its perpetrators are usually grouped into the following categories:
    • Hackers
    • Crackers
    • Script Kiddies
    • Corporate Spies
    • Unethical Employees
    • Cyberextortionists
    • Cyberterrorists
Internet and Network Attacks
  • Information transmitted over networks has a higher degree of security risk than information kept on an organization's premises.
  • An online security service is a Web site that evaluates your computer to check for Internet and e-mail vulnerabilities.
  • Computer Virus
    • Malicious code that attaches itself to a program or file and spreads when that host is run or opened; it affects a computer negatively by altering the way the computer works.
  • Worm
    • Self-replicating malware that spreads over a network on its own, without a host program; it copies itself repeatedly, using up resources and possibly shutting down the computer or network.
  • Trojan Horse
    • A malicious program that hides within or looks like a legitimate program; unlike a virus or worm, it does not replicate itself.
  • Rootkit
    • A program that hides in a computer, concealing its own presence (and often that of other malware) from the operating system and security tools, and allows someone from a remote location to take full control.
  • An infected computer has one or more of the following symptoms:
    • Operating system runs much slower than usual
    • Available memory is less than expected 
    • Files become corrupted
    • Screen displays unusual messages or images
    • Music or unusual sound plays randomly
    • Existing programs and files disappear
    • Programs or files do not work properly
    • Unknown programs or files mysteriously appear
    • System properties change
    • Operating system does not start up
    • Operating system shuts down unexpectedly
  • Users can take several precautions to protect their home and work computers and mobile devices from these malicious infections: keep the operating system and applications patched, run antivirus software with current signatures, do not open unexpected e-mail attachments or links, and install software only from trusted sources.
  • A botnet is a group of compromised computers connected to a network and controlled remotely by an attacker, typically to send spam or launch attacks.
    • A compromised computer in a botnet is known as a zombie.
  • A denial of service attack (DoS attack) disrupts computer access to Internet services, usually by flooding a server or network with more requests than it can handle.
    • A distributed DoS attack (DDoS) is a DoS attack launched from many compromised computers (for example, a botnet) at the same time, which makes it much harder to block by source address.
  • A back door is a program or set of instructions in a program that allows users to bypass security controls. Attackers often install one after a break-in so they can return later.
  • Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate, for example by forging the source IP address of packets or the sender address of an e-mail message.
  • A firewall is hardware and/or software that protects a network's resources from intrusion by allowing or blocking traffic according to a configured policy.
  • Intrusion detection software
    • Analyzes all network traffic
    • Assesses system vulnerabilities
    • Identifies any unauthorized intrusions
    • Notifies network administrators of suspicious behavior patterns or system breaches
    • Note that detection software only alerts; a person or an intrusion prevention system still has to act on the alert.
  • Honeypot
    • A deliberately vulnerable computer that is set up to entice an intruder to break into it, so that defenders can observe attack techniques and detect intruders without exposing production systems.
Unauthorized Access and Use
    • Unauthorized access is the use of a computer or network without permission.
    • Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.
    • Organizations take several measures to help prevent unauthorized access and use
      • Acceptable use policy
      • Disable file and printer sharing
      • Firewalls
      • Intrusion detection software
    • Access controls define who can access a computer, when they can access it, and what actions they can take
      • A two-phase process: identification (the user claims an identity, e.g., with a user name) followed by authentication (the user proves that claim, e.g., with a password or passphrase)
      • User name
      • Password
      • Passphrase (a longer password made of several words; length matters more than symbol substitution)
      • CAPTCHA (not authentication as such: it distinguishes a human from an automated program, e.g., to stop bots from creating accounts or guessing passwords at scale)
    • A possessed object is any item that you must carry to gain access to a computer or computer facility.
      • Often are used in combination with a personal identification number(PIN)
    • A biometric device authenticates a person's identity by translating a personal characteristic (fingerprint, face, iris, voice) into a digital code that is compared with a digital code stored in a computer.
    • Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks.
    • Many areas use digital forensics
      • Law enforcement
      • Criminal prosecutors
      • Military intelligence
      • Insurance agencies
      • Information security department
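The identification and authentication controls above say nothing about how a system must store the password it checks. The following added example (it is not from the chapter or from any textbook code) goes beyond the notes and shows the practice a security engineer expects: a per-user random salt, a slow key-derivation function (PBKDF2-HMAC-SHA256 from Python's standard library), a constant-time comparison, and a dummy record so that login timing does not reveal which user names exist. The user table, the user names and the iteration count are assumptions chosen for the demonstration.

```python
"""Password storage for the authentication step: PBKDF2-HMAC-SHA256 with a
per-user random salt and a constant-time comparison. Added example using only
the Python standard library; the user table and names are constructed."""
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000     # assumption: tune so one check costs ~0.1-0.3 s on your servers
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record "algorithm$iterations$salt$hash" (hex fields).

    A fresh random salt per password means two users with the same password get
    different records, and precomputed (rainbow) tables are useless."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(record: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare without early exit."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False                      # malformed record
    if algorithm != ALGORITHM:
        return False                      # unknown scheme: never accept blindly
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # hmac.compare_digest takes the same time whether the first or last byte differs,
    # so an attacker cannot learn the correct hash byte by byte from response timing.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed user table: identification looks the user name up, authentication
# checks the password against the stored record. Only the record is stored,
# never the password itself.
USERS = {}

# Hashing a dummy record for unknown users keeps login time the same whether or
# not the user name exists, so attackers cannot enumerate valid names by timing.
DUMMY_RECORD = hash_password("not-a-real-password")


def register(username: str, password: str) -> None:
    USERS[username] = hash_password(password)


def login(username: str, password: str) -> bool:
    record = USERS.get(username, DUMMY_RECORD)
    password_ok = verify_password(record, password)
    return password_ok and username in USERS
```

The record carries its own algorithm name and iteration count, so the cost can be raised later for new passwords while old records remain verifiable, and any record of an unexpected scheme is rejected rather than guessed at.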
Hardware Theft and Vandalism
    • Hardware theft is the act of stealing computer equipment.
    • Hardware vandalism is the act of defacing or destroying computer equipment.
    • To help reduce the chances of theft, companies and schools use a variety of security measures
      • Physical access controls
      • Alarm systems
      • Cables to lock equipment
      • Real time location system
      • Passwords,possessed objects,and biometrics
Software Theft
    • Software theft occurs when someone:
      • Steals software media 
      • Intentionally erases programs
      • Illegally copies a program
      • Illegally registers and/or activates a program
    • A single-user license agreement typically contains the following conditions:
      • Permitted to:
        • Install the software on one computer
        • Make one copy of the software
        • Remove the software from your computer before giving it away or selling it
      • Not permitted to:
        • Install the software on a network
        • Give copies to friends or colleagues while continuing to use the software
        • Export the software
        • Rent or lease the software
    • Copying,loaning,borrowing,renting,or distributing software can be a violation of copyright law.
    • Some software requires product activation to function fully.
Information Theft
    • Information theft occurs when someone steals personal or confidential information.
    • Encryption is the process of converting readable data (plaintext) into unreadable characters (ciphertext) so that only someone holding the right decryption key can recover the original and unauthorized parties cannot read it.
    An example of Public Key Encryption
    Step 1: The sender creates a document to be e-mailed to the receiver.
    Step 2: The sender uses the receiver's public key to encrypt the message. The public key can be published freely; only the matching private key can undo the encryption.
    Step 3: The receiver uses his or her private key to decrypt the message.
    Step 4: The receiver can read or print the decrypted message.
    In practice the public key is used to encrypt only a random symmetric session key, and that key encrypts the document itself, because public-key operations are slow and can handle only short inputs.
    • A digital signature is a value that a person, Web site, or organization computes with its private key over an electronic message (usually over a hash of it) and attaches to the message; anyone holding the signer's public key can verify it, which establishes the identity of the sender and shows that the message was not altered after signing.
      • Often used to ensure that an impostor is not participating in an Internet transaction.
    • Web browsers and Web sites use encryption techniques.
    • Popular security techniques include
      • Digital certificates (bind a public key to an identity, vouched for by a certificate authority)
      • Transport Layer Security (TLS)
      • Secure HTTP (the chapter's term; what browsers actually use is HTTPS, HTTP carried over TLS)
      • VPN
System Failure
    • A system failure is the prolonged malfunction of a computer.
    • A variety of factors can lead to system failure,including:
      • Aging hardware
      • Natural disasters
      • Electrical power problems
        • Noise,undervoltages,and overvoltages
      • Errors in computer programs
    • Two ways to protect from system failures caused by electrical power variations are surge protectors and uninterruptible power supplies (UPS).
Backing Up - The Ultimate Safeguard
    • A backup is a duplicate of a file,program,or disk that can be used if the original is lost,damaged, or destroyed.
      • to back up a file means to make a copy of it
    • Offsite backups are stored in a location separated from the computer site.
    • Two categories of backups:
      • Full backup: copies every file, so a restore needs only one backup set
      • Selective backup: copies only chosen files, or only files changed since the last backup, so it is faster but a restore may need several sets
    • Three-generation backup policy: the three most recent full backups are kept, and when a new backup is made the oldest one is retired
      • Grandparent: the oldest copy
      • Parent: the previous copy
      • Child: the most recent copy
    • A backup that has never been test-restored is not a safeguard: rehearse restores, and verify each copy (for example with a checksum) before relying on it.
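The three-generation rotation above, as an added example that is not part of the chapter: each new full backup becomes the child, the previous child and parent shift down, and the grandparent is retired. Copies are kept in memory here (a real scheme writes each generation to separate, ideally offsite, media), and each copy carries a checksum so that a restore skips a generation that has since been damaged. The sample "ledger" data and the corruption helper are constructed for the demonstration.

```python
"""Three-generation (grandparent/parent/child) backup rotation with checksum
verification on restore. Added example, not from the chapter; backups are kept
in memory here, whereas a real scheme writes each generation to separate
(ideally offsite) media."""
import hashlib
from collections import deque

GENERATIONS = ("child", "parent", "grandparent")   # newest to oldest


def checksum(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ThreeGenerationBackup:
    def __init__(self):
        # deque(maxlen=3): a fourth appendleft() silently retires the grandparent.
        self._copies = deque(maxlen=len(GENERATIONS))

    def back_up(self, data: bytes) -> None:
        """Store a full copy together with its checksum; it becomes the child."""
        self._copies.appendleft({"data": bytearray(data), "sha256": checksum(data)})

    def generations(self) -> dict:
        """Map generation name -> checksum of the copy currently holding that role."""
        return {name: copy["sha256"] for name, copy in zip(GENERATIONS, self._copies)}

    def corrupt(self, generation: str) -> None:
        """Simulate media damage on one generation (for the demonstration only)."""
        copy = self._copies[GENERATIONS.index(generation)]
        copy["data"][0] ^= 0xFF

    def restore(self):
        """Return (generation, data) for the newest copy whose checksum still matches."""
        for name, copy in zip(GENERATIONS, self._copies):
            if checksum(bytes(copy["data"])) == copy["sha256"]:
                return name, bytes(copy["data"])
        raise RuntimeError("no intact backup; all generations failed verification")


def demo():
    """Four nightly backups of constructed data, then a damaged child on restore."""
    store = ThreeGenerationBackup()
    for day in (1, 2, 3, 4):
        store.back_up(f"ledger as of day {day}".encode())
    # Day 1's copy has been retired: day 4 is the child, day 3 the parent, day 2 the grandparent.
    store.corrupt("child")
    return store.restore()           # falls back to the parent
```

The checksum must be recorded when the backup is made and checked at restore time; computing it only at restore would verify nothing, since damaged data has a perfectly valid checksum of its own.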
Wireless Security
    • Wireless access poses additional security risks
      • About 80 percent of wireless networks have no security protection.
    • War driving is detecting wireless networks (and their security settings) while driving a vehicle through the area, using a laptop or phone with wireless scanning software.
    • In addition to using firewalls, some safeguards improve the security of wireless networks:
      • A wireless access point can be configured not to broadcast its SSID, but this is only a minor deterrent: the name is still sent in the clear whenever a client connects, so any wireless sniffer recovers it.
      • Change the default SSID, and change the access point's default administrator password.
      • Configure a WAP so that only certain devices can access it (MAC address filtering); this, too, is weak on its own, because MAC addresses are visible on the air and trivially spoofed.
      • Use the WPA2 (or WPA3) security standard with a strong passphrase; WEP and the original WPA with TKIP are broken and should not be used. This is the control that actually protects the traffic.
Ethics and Society
    • Computer ethics are the moral guidelines that govern the use of computers and information systems.
    • Information accuracy is a concern
      • Not all information on the Web is correct
    • Intellectual property rights are the rights to which creators are entitled for their work.
    • An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical. 
    • Green computing involves reducing the electricity and environmental waste while using a computer.
    • Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them.
    • Organizations store huge amounts of personal data in online databases.
    • It is important to safeguard your information
    • When you fill out a form,the merchant that receives the form usually enters it into a database.
    • Many companies today allow people to specify whether they want their personal information distributed.
    • A cookie is a small text file that a Web server stores on your computer and that your browser sends back with later requests to the same site.
    • Web sites use cookies for a variety of reasons:
      • Allow for personalization
      • Keep you logged in (a site should store a random session identifier in the cookie, never the password itself, and should mark the cookie Secure and HttpOnly)
      • Assist with online shopping
      • Track how often users visit a site
      • Target advertisements
    • Spam is an unsolicited e-mail message or newsgroup posting.
    • E-mail filtering blocks e-mail messages from designated sources.
    • Anti-spam programs attempt to remove spam before it reaches your inbox.
    • Phishing is a scam in which a perpetrator sends an official-looking e-mail message that attempts to obtain your personal and financial information, usually by luring you to a fake Web site.
    • Pharming is a scam in which a perpetrator obtains your personal and financial information via spoofing: you type a legitimate Web address but are redirected to a look-alike site, typically by tampering with DNS or the local hosts file.
    • Social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of trust and naivety.
    • Employee monitoring involves the use of computers to observe,record,and review an employee's use of a computer.
    • Content filtering is the process of restricting access to certain material on the Web.
    • Many businesses use content filtering.
    • Internet Content Rating Association (ICRA): a labeling system that Web sites use to describe their content so that filtering software can act on it
    • Web filtering software restricts access to specified Web sites.
